How To Modify User Accounts in Linux Using usermod Command

0

Linux administrators often receive requests to create users in Linux unless the organization uses LDAP and also to modify or change existing user’s attributes. As a Linux administrator, you should be well versed with creating users, removing users, and modifying users in Linux.

This post explains to you how to modify user accounts in Linux using the usermod command.

Prerequisites

  • To be able to create a user account, you need to be logged in as a root user or a user with sudo privileges.
  • User must already exist in the system.

usermod command

In Linux, you can change the existing user’s account attributes such as home directory, account expiration date, login shell, etc. with usermod command.

Syntax:

usermod [options] user_name

Change User Home Directory

You will receive this type of request to change user’s home directory for functional id which is used for running applications.

Use the -d option to change the home directory of the existing user.

For example, to change the home directory of the user weadmin to /opt/webadmin, use:

usermod -d /opt/webadmin webadmin

Verify that the user’s home directory is /opt/webadmin by checking /etc/passwd file.

grep -i webadmin /etc/passwd

Output:

webadmin:x:1000:1000::/opt/webadmin:/bin/bash

Change User Home Directory and Move Files

When only -d is specified as an option for usermod command, it just changes the existing user’s home directory to /opt/webadmin, not the files or directories present in the old home directory.

If you want to move the existing user’s files along, use the -d <path_to_homedirectory> and -m option.

usermod -d /opt/webadmin -m webadmin

Verify that files have been moved to the new home directory.

ls -al /opt/webadmin

Output:

[[email protected] ~]# ls -al /opt/webadmin
total 16
drwx------. 2 webadmin webadmin  83 Apr 22 12:54 .
drwxr-xr-x. 3 root     root      22 Apr 22 12:54 ..
-rw-------. 1 webadmin webadmin  10 Apr 22 12:54 .bash_history
-rw-r--r--. 1 webadmin webadmin  18 Apr 10  2018 .bash_logout
-rw-r--r--. 1 webadmin webadmin 193 Apr 10  2018 .bash_profile
-rw-r--r--. 1 webadmin webadmin 231 Apr 10  2018 .bashrc
[[email protected] ~]#

Change User Login Name

This option is beneficial if you have created a user with misspelled names. Use the -l option to change the login name of the existing user.

For example, to change the login name of the user weadmin to webmaster, use:

usermod -l webmaster webadmin

Verify with id command to see if the webadmin user is still present in your system.

id webadmin

You should get id: webadmin: no such user message.

Check for webmaster account in the system.

grep -i webmaster /etc/passwd

Output:

webmaster:x:1000:1000::/opt/webadmin:/bin/bash

Change User’s UID

Use the -u option to change user’s UID to a specific UID. To change the UID of webmaster with UID of 1999, you need to use.

Recommended to choose the UID between 1000 to 60000.

usermod -u 1999 webmaster

Verify that the user’s UID is 1999 using the id command.

id webmaster

Output:

uid=1999(webmaster) gid=1000(webadmin) groups=1000(webadmin)

Change User’s Primary Group

You can change the existing user primary group with -g option.

You can either specify the group name or the GID with usermod command.

usermod -g webusers webmaster

The group name or GID must already exist.

Verify that the user’s primary group is web using the id command.

id webmaster

Output:

uid=1999(webmaster) gid=1001(webusers) groups=1001(webusers)

Add existing User to Multiple Groups

As you are aware, the user can only be part of one primary group and multiple secondary groups (optional). The -G option is to add a user to additional groups.

Using -G option alone will remove all existing groups the user belongs. So, add -a option with -G to add to multiple secondary groups.

A comma must separate group names.

usermod -a -G group_name1,group_name2,group_name3 user_name

Verify the groups the user belongs to using the id command.

id user_name

Output:

uid=2000(user_name) gid=2000(user_name) groups=2000(user_name),1002(group_name1),1004(group_name2),1005(group_name3)

Change User Account Expiry Date

This is quite useful when you want to enable the user whose account has expired.

The -e option allows setting the expiry date for the user. The date must be specified in YYYY-MM-DD format.

Check the current expiration date of user webmaster with chage command

chage -l webmaster

Output:

Last password change                                    : Apr 22, 2019
Password expires                                        : never
Password inactive                                       : never
Account expires                                         : Apr 30, 2019
Minimum number of days between password change          : 0
Maximum number of days between password change          : 99999
Number of days of warning before password expires       : 7

The expiration date of the webmaster user is April 30th, 2019. To change the expiry date of webmaster to May 31st, 2019, you can use.

usermod -e 2019-05-31 webmaster

Verify the user’s expiration date using the chage command.

chage -l webmaster

Output:

Last password change                                    : Apr 22, 2019
Password expires                                        : never
Password inactive                                       : never
Account expires                                         : May 31, 2019
Minimum number of days between password change          : 0
Maximum number of days between password change          : 99999
Number of days of warning before password expires       : 7

Change User’s Login Shell

Sometimes, due to the useradd command’s default behavior, the user you have created may not have correct login shell set.

By default, when a useradd command issued without any options, the user will be created with /bin/bash (RHEL) or /bin/sh (Debian / Ubuntu) shell.

The -s option change login shell for an existing user.

To change the user webmaster login shell to /bin/bash, use.

usermod -s /bin/bash webmaster

Verify the user’s login shell by reading the /etc/passwd file.

grep -i webmaster /etc/passwd

Output:

webmaster:x:1999:1001::/opt/webadmin:/bin/bash

Lock User Account

To lock any user account, you can use -L option. This option makes the user account unusable unless you unlock it.

usermod -L webmaster

Check the account status with the following command. You would see an exclamation (!) added before the encrypted password.

grep -i webmaster /etc/shadow

Output:

webmaster:!$6$kb9ws2Wd$.9Ip0xMGTAeBlZXG7c1Hriaj60VdYkXPQn0o8W2PEkDfjBOEJIT3nm52mBR8B1VTYGXnfyvgt.fxiYy7Q8nOI0:18008:0:99999:7::18047:

Unlock User Account

The -U option is used to unlock a locked user.

usermod -U webmaster

Verify the account status post you unlock the user. You should not see any exclamation (!) before the encrypted password.

grep -i webmaster /etc/shadow

Output:

webmaster:$6$kb9ws2Wd$.9Ip0xMGTAeBlZXG7c1Hriaj60VdYkXPQn0o8W2PEkDfjBOEJIT3nm52mBR8B1VTYGXnfyvgt.fxiYy7Q8nOI0:18008:0:99999:7::18047:

Conclusion

I hope you have learned how to use the usermod command in Linux to modify user attributes. The examples were shown with a single option. However, you can combine options to get the desired results.

You might also like